To the best of my knowledge, Splunk does not support RELP. This is (as I'm sure you know) an rsyslog specific protocol that, while documented thoroughly, has only a few implementations outside of rsyslog itself. I don't even know how you've gotten network devices to send using RELP, but that might have been easy 😉
Thanks for your answer, however, doing a migration doesn't exactly fulfil the criteria I am trying to achieve at the moment.
My problem is that I am trying to make a new Splunk instance from scratch, and have it receive the same information that the current one is by manually modifying the configuration, settings, etc.
At the moment, the new instance is receiving some data, but not all of it.
From my understanding, the data is being sent from a separate rsyslog server, and it has been configured correctly to forward syslog files and other data to both the current and new Splunk instances I have (I am pretty sure that the error is not on rsyslog's end).
So to rephrase, my real question is what exactly do I need to manually configure so that Splunk receives and displays all of the data?
Please forgive me for my lack of knowledge; I am new to Splunk and my understanding of how to set it up isn't fantastic.
I'm happy to provide screenshots to provide more information if you'd like. Cheers.